Feedback: Provide first-class support for using images from private container registries to create a workspace
MR: Pending
Description
When the pods are created, they cannot pull images in the GitLab container registry or any other private container registry.
Creating a secret and editing the deployment right after the workspace is created in GitLab with "imagePullSecrets: gitlab-registry-credentials" does make it work. But this is a very hacky solution, and the changes have to be made constantly since the reconciliation between agent and Rails will reset this change.
Using managed Kubernetes services like EKS does not particularly make it easy or potentially even feasible to add the credentials at the node level.
One might expect this to 'just work' with the credentials created for the workspace.
Perhaps a solution is to create the workspace token with registry read access as well and, before creating the Deployment for the workspace, also create a secret from that token referencing registry.gitlab.com in the workspace's namespace and add 'imagePullSecrets' to the deployment spec.
Workaround
The temporary workaround can be found at #441226 (comment 1843510748)
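The approach proposed in the description (a per-workspace pull secret plus an `imagePullSecrets` reference on the Deployment) can be sketched as follows. This is an added example, not GitLab's implementation; the function names, namespace, username, token and image path are hypothetical placeholders, and the token is assumed to carry read-only registry access.

```python
import base64
import copy
import json

REGISTRY = "registry.gitlab.com"             # registry named in the issue
SECRET_NAME = "gitlab-registry-credentials"  # secret name used in the issue


def build_pull_secret(namespace, username, token, registry=REGISTRY, name=SECRET_NAME):
    """Return a kubernetes.io/dockerconfigjson Secret manifest for one registry."""
    auth = base64.b64encode(f"{username}:{token}".encode()).decode()
    docker_config = {"auths": {registry: {"username": username, "password": token, "auth": auth}}}
    return {
        "apiVersion": "v1",
        "kind": "Secret",
        "metadata": {"name": name, "namespace": namespace},
        "type": "kubernetes.io/dockerconfigjson",
        # Values under .data must be base64-encoded.
        "data": {".dockerconfigjson": base64.b64encode(json.dumps(docker_config).encode()).decode()},
    }


def add_image_pull_secret(deployment, name=SECRET_NAME):
    """Return a copy of a Deployment manifest whose pod spec references the secret.

    imagePullSecrets is a list of {"name": ...} objects on the pod template spec,
    not a bare string. Existing entries are kept and the name is not added twice.
    """
    patched = copy.deepcopy(deployment)
    pod_spec = patched["spec"]["template"]["spec"]
    refs = pod_spec.setdefault("imagePullSecrets", [])
    if not any(ref.get("name") == name for ref in refs):
        refs.append({"name": name})
    return patched


if __name__ == "__main__":
    # Constructed sample values: namespace, username, token and image are placeholders.
    ns = "workspace-example"
    secret = build_pull_secret(ns, "workspace-user", "PLACEHOLDER-READ-REGISTRY-TOKEN")
    deployment = {
        "apiVersion": "apps/v1", "kind": "Deployment",
        "metadata": {"name": "workspace", "namespace": ns},
        "spec": {"template": {"spec": {"containers": [
            {"name": "dev", "image": f"{REGISTRY}/example-group/example-project/dev:latest"}]}}},
    }
    print(json.dumps([secret, add_image_pull_secret(deployment)], indent=2))
```

The secret must live in the same namespace as the workspace pods, and because the token is stored only base64-encoded, access to Secrets in that namespace should be restricted accordingly.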